Hi,
I have a problem. I must have separete URLs for session expiration and logout that occurs from ui event.
If I invoke Application.close(), it goes to “logoutURL” but it leaves session open. If I invoke Application.close() and then session.invalidate() it redirects to SessionExpiredURL.
How to logout so that it invalidates session and goes to logoutUrl when user clicks button?
Partial answer: I’ve noticed that one session may involve multiple Toolkit applications, therefore Application.close() does not close session. I’ve some time ago checked code from WebApplicationContext which handles sessions, you might want to do that too…
I’m using latest WebApplicationContext.
(First post was from me, forgot to login)
Hi,
for what reason do you need to invalidate a session ? If you close the application by a close method, next time, when you try to use it - a new instance will be created, so you can bind all application-specific variables and data to the Application class instance, not to the session.
Normally, if http session expires by a timeout, for istance, this is automatically handled by itmill - your application instance will be closed for you, user will notice the “Session expired” message dialog and then application will restart.
I was invalidating the session because I needed to “logout” from multiple toolkit portlets (multiple applications).
If I invalidated the session, toolkit redirected to sessionExpiredUrl.
I made alternative logout portlet (plain javax.portlet.Portlet) which invalidated session and then redirected to another page. It works.
Ah, I do see now, thanks !
So yes, it looks like for such case this is a right scenario.